Tutorials - Disabling restore

Summary: Information on disabling the restore utility when infected objects are in the restore database.
Updated: 20th March 2002
Author: Matt Ham
Company: Virus Bulletin

Procedure

The Restore utility is designed to retain a copy of important system files so that these can be extracted to replace any files deleted. Unfortunately, many anti-virus products cannot delete or disinfect files in the System Restore area (usually C:\_Restore), and these files can become infected.

In order to remove this source of infection the System Restore feature must be disabled, the files removed and then System Restore may be re-enabled. To do this the following procedure should be followed:

  • Right-click on the My Computer icon.
  • Select Properties and then the Performance tab.
  • Select File System and the Troubleshooting tab.
  • Select the option 'Disable System Restore'.
  • Select Apply and then Close twice. The System Restart prompt will appear.
  • Restart the computer.

The restarted machine will now have a C:\_Restore folder which can be disinfected or the files within it can be deleted or moved as desired.

In order to restore the System Restore function, the above process should be followed once more, with step four being reversed.

Poll

How should software and OS patching/security updates be managed?
Manually, at the user's discretion
Automatically via an optional, user-defined schedule
Automatically via a fixed, but optional schedule
Automatically via a fixed schedule, on by default with opt-out system
Automatically and silently, with no option to run unpatched

Leave a comment
View 19 comments
Jobs Recruit Sidebar

Malware Prevalence

Dropper-misc |################|
Waledac |###############|
Agent |###########|
NetSky |#######|
Invoice |######|
 View this month's full report
Virus Bulletin currently has 165,679 registered users.